Login

Amazon Linux AMI : sssd (ALAS-2017-935)

High Nessus Plugin ID 105420

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

Unsanitized input when searching in local cache databaseIt was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. (CVE-2017-12173)